Integer Overflow Vulnerability in Microsoft Office and Outlook Products
CVE-2008-4025

Currently unrated

Key Information:

Vendor

Microsoft
Status
Open Xml File Format Converter
Office
Office Word Viewer
Office Compatibility Pack For Word Excel Ppt 2007
Vendor
CVE Published:
10 December 2008

What is CVE-2008-4025?

This vulnerability allows remote attackers to exploit an integer overflow in several versions of Microsoft Office and Outlook, particularly through RTF files or rich text emails. By triggering a heap-based buffer overflow, malicious actors can execute arbitrary code on the victim's machine, posing a significant security risk to users. The issue affects various versions of Microsoft Office Word, Outlook, and associated viewer and converter tools for both Windows and Mac platforms.

References

https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securitytracker.com/id?1021370
vdb-entryx_refsource_SECTRACK

EPSS Score

69% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2008-4025 : Integer Overflow Vulnerability in Microsoft Office and Outlook Products